Android M Preview 2 released today, and the bulk of the changes in this release are related to the new opt-in permission system.
I wonder if we can extrapolate from this that the permission changes only started to be worked on in earnest somewhat late in M's development? All will be revealed in this regard when M's source code publicly releases and we can snoop on the code commits.
One particularly noteworthy change:
Apps included in the system image are no longer granted dangerous permissions automatically. All apps should check for and request permissions at runtime.
This is very interesting. Currently if Google Play Services requires a new permission, it will be auto-updated without a user actually granting access to that new permission.
I wondered how Google would handle the new opt-in permission system with their own pre-installed apps, given as a general rule, Google sure does like itself some data.
Google have seemingly opted to play on the same field as everyone else in this regard, which is terrific news.
And even better news is that the pre-installed bloatware that comes on 99% of today's Android devices will not automatically have access to your sensitive data (assuming device manufacturers don't bypass this themselves of course).